Managing Industrial Networks For Manufacturing With

Upload by : Genevieve Webb

Managing Industrial Networks for Manufacturing with Cisco Technologies (200-601)

Exam Description: The Managing Industrial Networks for Manufacturing with Cisco Technologies (CCNA IMINS2) certification exam (200-601) is a 90 minute, 65 – 75 question assessment. This exam tests concepts and technology commonly found in the automated manufacturing environment. This exam tests candidates on the Common Industrial Protocol (CIP) and ProfiNET industrial protocols and the underlying support network infrastructure design to maximize efficiency within Industrial Ethernet.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

2015 Cisco Systems, Inc. This document is Cisco Public.

20%  1.0 IP Networking
1.1 Describe the difference between enterprise environments and industrial environments
    1.1.a Enterprise 1.a.3 Availability
    1.1.b Industrial .3 Confidentiality
1.2 Describe the components for making the data flow highly available and predictable in an industrial environment (QoS, IP addressing, protocol, and hardware resiliency)
    1.2.a Understand which data flows must be prioritized in an industrial environment
    1.2.b What are we protecting
    1.2.c What technologies enable prioritization (threshold alarms, QoS and IGMP multicast controls)
1.3 Interpret and diagnose problems that are related to QoS
    1.3.a How do you know that the QoS policy is doing its job
    1.3.b Why and when are packets being dropped
1.4 Describe the differences between redundancy and resiliency requirements / approaches between the Enterprise and the plant floor
    1.4.a First hop redundancy and resiliency, stacking and HSRP
    1.4.b Plant floor focuses on availability of production more than availability of the network

    1.4.c Multiple lines, multiple end points vs highly resilient uplinks to the network, graceful degradation
1.5 Differentiate the capabilities of switch types
    1.5.a Classic Layer 2, classic Layer 3, managed, unmanaged, industrial
    1.5.b Some Layer 2 switches have Layer 3 switching attributes
1.6 Describe the life cycle of a multicast group
    1.6.a How does the joining process work
    1.6.b How does multicast work (emphasis on LAN)
    1.6.c What is multicast IGMP doing
    1.6.d What is the relationship between IP addressing and MAC addressing
1.7 Describe and configure the operation and use cases for NAT
    1.7.a What scenarios use NAT
    1.7.b What are the strengths and weaknesses of NAT
1.8 Describe and configure the operation for static routing
    1.8.a What scenarios use static routing
    1.8.b What are the strengths and weaknesses of static routing
1.9 Describe and configure VLAN trunking to a virtual switch
    1.9.a Describe the multiple ways to do server virtualization, link virtual servers together
1.10 Describe and configure Layer 2 resiliency protocols (Spanning Tree, REP, Flex Links, and Etherchannels)
    1.10.a Limitations of Etherchannels
    1.10.b Limitations of spanning tree, REP, Flex Links, Etherchannels
    1.10.c Spanning tree portfast, priorities, guards
1.11 Configure switch ports (macros, threshold alarms)
    1.11.a Threshold limits being exceeded get an alarm
    1.11.b Understand the likely causes of the alarm
        1.11.b.1 Too many connections

19%  2.0 CIP
2.1 Explain the CIP connection establishment process
    2.1.a What TCP and UDP are used for
2.2 Explain producer/consumer models and implicit/explicit message models
    2.2.a Implicit is UDP multicast or unicast
    2.2.b Explicit is TCP
    2.2.c CIP connected or CIP unconnected
2.3 Recognize communication abilities and capacities in different hardware/hardware generations (revisions)
    2.3.a End point I/O and control, thresholds, PPS, multicast vs unicast

    2.3.b Given a table be able to interpret throughput vs thresholds (setting alarms)
    2.3.c Examine macros and understand implications
    2.3.d Understand limitations of a CIP environment
2.4 Identify and describe the technologies that enable CIP Motion and CIP Safety
    2.4.a PTP – best master clock algorithm
    2.4.b PTP, multicast, QoS, full duplex
    2.4.c QoS – what are ODVA recommended QoS markings and queue mappings for an industrial automation network
    2.4.d Documents – ODVA, CPwE
    2.4.e Describe the communication technique black channel principle
2.5 Identify the applicability, limitations, and components of a DLR implementation
    2.5.a Know the functionality of the DLR supervisor
    2.5.b Know when to use ETAP, fast convergence time
2.6 Implement multicast features for CIP within a LAN
    2.6.a Setting up IGMP using templates (snooping, query per VLAN)
    2.6.b Alarm threshold use case
2.7 Optimize RPI on a CIP connection given a set of parameters
    2.7.a What to set it to (limitations of the device – e.g. switches, controllers, I/O end points)
2.8 Enable and configure IEEE 1588 PTP at the system level
    2.8.a Enabling boundary clocks
    2.8.b Selecting a grand master
    2.8.c Enabling transparent clocks
    2.8.d Checking clock synchronization
    2.8.e Priority setting
2.9 Configure the Stratix using the Add On Profile (AOP) in Studio 5000

19%  3.0 ProfiNET
3.1 Describe the differences in ProfiNET support between Cisco catalyst and Cisco Industrial Ethernet (IE) switches
    3.1.a Support for VLAN 0
    3.1.b Support for ProfiNET LLDP
    3.1.c Support for GSDs (integration into SIMATIC STEP 7)
3.2 Describe the operation and purpose of ProfiSAFE
3.3 Describe the three basic ProfiNET devices and conformance classes
    3.3.a Controller, Supervisor and I/O device
    3.3.b Class A, B, C Cisco IE switches meet class A and B requirements
3.4 Describe the ProfiNET application classes and communication channels
    3.4.a ProfiNET CBA and ProfiNET I/O

    3.4.b ProfiNET NRT, RT and IRT
    3.4.c Cyclic I/O, Acyclic I/O, multicast I/O
3.5 Describe DHCP and how it can be used for IP addressing of devices and configuration pushes
    3.5.a Describe how DHCP can be used for auto configuration
3.6 Describe ring network requirements for ProfiNET
    3.6.a Understand the three redundancy classes
        3.6.a.1 Class 1
        3.6.a.2 Class 2
        3.6.a.3 Class 3
    3.6.b Discuss MRP and REP and their differences
3.7 Enable ProfiNET on the switch
    3.7.a Turn on ProfiNET and define the VLAN
3.8 Enable Layer 2 QoS to ensure ProfiNET is prioritized
3.9 Integrate the Cisco Industrial Ethernet Switch in SIMATIC STEP 7
    3.9.a Copy the GSD file off the Cisco Industrial Ethernet Switch and load into SIMATIC STEP 7
    3.9.b Describe the purpose of a GSD file and understand how to locate it on a Cisco switch
    3.9.c Check that the topology has been discovered on SIMATIC STEP 7
        3.9.c.1 Show LLDP and ProfiNET LLDP information on switch
    3.9.d Use and monitor ProfiNET LLDP on the switch (Cisco Industrial Ethernet Switch)
    3.9.e ProfiNET extensions are NOT supported on non-industrial switches
    3.9.f Topology discovery in SIMATIC STEP 7 and also for auto-configuration
    3.9.g Use show commands to see if ProfiNET is working properly
        3.9.g.1 Show LLDP and ProfiNET LLDP information on switch
        3.9.g.2 Show ProfiNET status
3.10 Configure and monitor ProfiNET alarm profiles on IE switches
    3.10.a Show monitoring in SIMATIC STEP 7
    3.10.b Create a global alarm profile, apply it to an interface, pull a cable and see if alarm appears on SIMATIC

12%  4.0 Security
4.1 Describe the defense in-depth approach to securing the industrial zone
    4.1.a Identify the 6 layer model – device hardening, application security, computer hardening, network security, physical security, policies/procedures/awareness
4.2 Identify how a security component (hardware/software) applies to a network device to meet the network security definition of defense in depth
    4.2.a AAA, perimeter protection, intrusion detection/prevention, end point protection

        4.2.a.1 Fit the previous examples into the right layer
        4.2.b.1 Where would you deploy intrusion protection
        4.2.c.1 What policies would apply
4.3 Describe network device hardening
    4.3.a SSH, control plane policing, restricting physical access, authentication
4.4 Describe the concept and mechanisms of implementing logical segmentation
    4.4.a ACLs, firewalls, VLANs, industrial DMZ, VRF
4.5 Identify possible options to control traffic between zones (ACLs, firewalls, VLANs)
    4.5.a Industrial zone and the enterprise zone and between the cell area zone and the industrial zone
    4.5.b OPC, firewall, VLANs, remote access
        4.5.b.1 Remote access question, data movement question
    4.5.c Properly apply access control lists to routers and switches to allow or limit specific traffic
    4.5.d Show ways to pass/limit data between cells

10%  5.0 Wireless
5.1 Describe the differences between 802.11a/b/g/n/ac
    5.1.a Speeds, frequencies, number of non-overlapping channels, RF interference
5.2 Describe the components that you need to build multiple wireless networks on a single access point
    5.2.a SSIDs, SSID map to VLANs; RF spectrum
    5.2.b Describe why you would have multiple SSIDs
    5.2.c WPA, WEP, TKIP, AES
5.3 Describe the difference between autonomous and controller-based access points and wireless workgroup bridges
5.4 Demonstrate a typical switchport configuration for autonomous and controller-based access points
5.5 Describe the limitations of using a workgroup bridge with a control communication
    5.5.a Take an autonomous AP and a workgroup AP configuration file and build a workgroup bridge
    5.5.b Why and when would you use a workgroup bridge
    5.5.c Performance limit recommendations: 20 total wireless nodes (per AP) – from testing with no more than 19 wired clients (per WGB); 2200 pps in the wireless channel (less with interference); 20% BW reservation for HMI maintenance traffic (must include non-CIP packets)

20%  6.0 Troubleshooting
6.1 Troubleshoot advanced Layer 1 problems such as mechanical deterioration, electromagnetic noise issues, and infrastructure mismatches

6.2 Troubleshoot VLAN trunking
    6.2.a Native VLAN mismatch, encapsulation types, allowed VLAN list
    6.2.b Enable network card to see VLAN tags for packet capture
6.3 Troubleshoot an error disabled port
    6.3.a MAC address change/port security, UDLD, root guard, BPDU
6.4 Troubleshoot basic spanning tree port state and root priority problems
    6.4.a Listening, learning, blocking, root bridge priority
    6.4.b Identify broadcast storm
6.5 Troubleshoot Layer 3 problems by inspecting route tables and NAT tables
    6.5.a Access list problems where something is not communicating – where is the access list misconfigured? NAT device is not communicating, incorrectly configured static routes
    6.5.b Look at diagnostic screen and identify what is happening on the network
    6.5.c Show a diagnostic readout and identify which diagnostic parameter is indicating an error
6.6 Troubleshoot Layer 3 problems in a VRF-lite enabled environment
    6.6.a Recognize when VRF is active on a device and be able to understand the various differences (commands, tables)
    6.6.b Show ARP tables from two different VRFs
6.7 Demonstrate the ability to find the location of a device within a multi-switch network given an IP address
    6.7.a Ping it, traceroute it, check ARP, get its MAC address, check CAM, which port is it on
6.8 Identify methods for troubleshooting a communication problem in a CIP environment
6.9 Troubleshoot CIP using an Ethernet/IP browse tool, command line, and a web browser
    6.9.a Identify that appropriate multicast controls are active in a CIP environment
    6.9.b Prove that multicast is enabled and functioning properly (is switch configured properly, is there an IGMP query)
    6.9.c Show an IGMP snoop table
    6.9.d Show that CIP multicast addresses are listed in the snooping table
6.10 Troubleshoot device communications performance
    6.10.a Use a UI and network tools to identify threshold limits – Wireshark, switch alarm thresholds, RPI, port counters, MAC address table inspection
    6.10.b Identify which device is the source of the issue and the resolution. (shut the offending port down, change software)
    6.10.c Number of connections
    6.10.d Validate that a CIP connection is active
    6.10.e Difference between a CIP connection and a TCP connection

    6.10.f Look at Wireshark, physical integrity, network integrity, collect traces, spanning tree, using VLAN, using remote VLAN
    6.10.g Show a simple diagram and know where and why they are collecting a trace from a particular place in the network
    6.10.h When you collect a trace, why do you not see the startup of a CIP connection (packet number, sequence number, power down, recycle cards)
    6.10.i Interpret a piece of Wireshark that applies to industrial protocols using CIP Filters
6.11 Identify the source of cable and device faults in a DLR
    6.11.a Tools – control Logix, ETAP, device web pages
6.12 Identify methods for troubleshooting a communication problem in a ProfiNET environment
    6.12.a Look at SIMATIC STEP 7
    6.12.b Is the cable plugged into the right port
    6.12.c Is the port configured for the proper VLAN speed duplex
    6.12.d Are there port errors
    6.12.e What is the status of the port
    6.12.f Are there gateway IP problems
    6.12.g Are there end point problems
    6.12.h Is port connectivity verified
    6.12.i Is it configured for the right VLAN
6.13 Troubleshoot ProfiNET using SIMATIC STEP 7 to view network topology, use the switch command line:
    6.13.a Identify that ProfiNET is enabled on the switches and is configured correctly
    6.13.b Ensure ProfiNET device switch interfaces are configured in the correct ProfiNET VLAN
    6.13.c Check LLDP and ProfiNET LLDP switch databases to ensure that devices are recognized
    6.13.d Use ProfiNET debug and status commands to ensure correct connectivity
    6.13.e Use Wireshark to capture and identify non-real time and real-time traffic
